parent
b25529cda7
commit
af170f6b45
@ -1158,6 +1158,28 @@ when I run sq --no-cert-store inspect cert.pgp
|
|||||||
then stdout contains "Certifications: 1,"
|
then stdout contains "Certifications: 1,"
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
|
## Certify an identity that is not self-signed
|
||||||
|
|
||||||
|
_Requirement: We can certify a user identity on a cert, even if that
|
||||||
|
user identity doesn't exist on that cert, and consequently has no
|
||||||
|
self-signature._
|
||||||
|
|
||||||
|
~~~scenario
|
||||||
|
given an installed sq
|
||||||
|
when I run sq --no-cert-store key generate --userid Alice --output alice.pgp
|
||||||
|
when I run sq --no-cert-store key extract-cert alice.pgp -o alice-cert.pgp
|
||||||
|
when I run sq --no-cert-store key generate --userid Bob --output bob.pgp
|
||||||
|
when I run sq --no-cert-store key extract-cert bob.pgp -o bob-cert.pgp
|
||||||
|
|
||||||
|
when I run sq --no-cert-store inspect bob-cert.pgp
|
||||||
|
then stdout doesn't contain "Certifications:"
|
||||||
|
|
||||||
|
when I run sq --no-cert-store certify --add-userid alice.pgp bob-cert.pgp "My friend Bob" -o cert.pgp
|
||||||
|
when I run sq --no-cert-store inspect cert.pgp
|
||||||
|
then stdout contains "My friend Bob"
|
||||||
|
then stdout contains "Certifications: 1,"
|
||||||
|
~~~
|
||||||
|
|
||||||
|
|
||||||
# Sign a document and verify the signature: `sq sign` and `sq verify`
|
# Sign a document and verify the signature: `sq sign` and `sq verify`
|
||||||
|
|
||||||
|
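Review bot: The new scenario only exercises the success path with `--add-userid`; nothing in this hunk checks that the same `sq certify alice.pgp bob-cert.pgp "My friend Bob"` invocation is still refused when the flag is omitted. Since the flag relaxes a check that normally ties a certification to a user ID the cert holder has self-signed, a companion scenario that expects the command to fail without `--add-userid` would guard against the default silently becoming permissive. The final `then stdout contains "Certifications: 1,"` also does not show which user ID carries the certification, so it may be worth asserting on the `inspect` output more specifically if the format allows it.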
@ -159,6 +159,13 @@ pub struct Command {
|
|||||||
The special keyword \"never\" sets an unlimited expiry.",
|
The special keyword \"never\" sets an unlimited expiry.",
|
||||||
)]
|
)]
|
||||||
pub expiry: Expiry,
|
pub expiry: Expiry,
|
||||||
|
#[clap(
|
||||||
|
long,
|
||||||
|
help = "Add the given user ID if it doesn't exist.",
|
||||||
|
long_help =
|
||||||
|
"Add the given user ID if it doesn't exist in the certificate.",
|
||||||
|
)]
|
||||||
|
pub add_userid: bool,
|
||||||
#[clap(
|
#[clap(
|
||||||
long = "allow-not-alive-certifier",
|
long = "allow-not-alive-certifier",
|
||||||
help = "Don't fail if the certificate making the \
|
help = "Don't fail if the certificate making the \
|
||||||
|
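Review bot: The `help`/`long_help` text for `add_userid` says what the flag does but not what it means for trust: the added user ID carries no self-signature, so the certificate holder has never claimed it. I would extend `long_help` to say so, for example `"Add the given user ID if it doesn't exist in the certificate. The added user ID has no self-signature; it is asserted only by the certifier."`. The `Command` struct starts and ends outside this hunk, so any interaction with other options is not visible here.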
@ -56,12 +56,16 @@ pub fn certify(config: Config, c: certify::Command)
|
|||||||
for ua in vc.userids() {
|
for ua in vc.userids() {
|
||||||
if let Ok(a_userid) = std::str::from_utf8(ua.userid().value()) {
|
if let Ok(a_userid) = std::str::from_utf8(ua.userid().value()) {
|
||||||
if a_userid == userid {
|
if a_userid == userid {
|
||||||
u = Some(ua.userid());
|
u = Some(ua.userid().clone());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if u.is_none() && c.add_userid {
|
||||||
|
u = Some(UserID::from(userid.as_str()));
|
||||||
|
}
|
||||||
|
|
||||||
let userid = if let Some(userid) = u {
|
let userid = if let Some(userid) = u {
|
||||||
userid
|
userid
|
||||||
} else {
|
} else {
|
||||||
@ -142,8 +146,11 @@ pub fn certify(config: Config, c: certify::Command)
|
|||||||
.sign_userid_binding(
|
.sign_userid_binding(
|
||||||
&mut signer,
|
&mut signer,
|
||||||
cert.primary_key().component(),
|
cert.primary_key().component(),
|
||||||
userid)?;
|
&userid)?;
|
||||||
let cert = cert.insert_packets(certification.clone())?;
|
let cert = cert.insert_packets(vec![
|
||||||
|
Packet::from(userid),
|
||||||
|
Packet::from(certification.clone()),
|
||||||
|
])?;
|
||||||
assert!(cert.clone().into_packets().any(|p| {
|
assert!(cert.clone().into_packets().any(|p| {
|
||||||
match p {
|
match p {
|
||||||
Packet::Signature(sig) => sig == certification,
|
Packet::Signature(sig) => sig == certification,
|
||||||
|
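Review bot: The `if u.is_none() && c.add_userid` fallback treats "not returned by `vc.userids()`" as "not in the certificate", and these differ if `vc` is a policy-validated view of the cert, as its name suggests. A user ID that is present but whose self-signature is expired or rejected by policy would then be skipped by the loop and certified anyway under `--add-userid`. Consider looking the user ID up on the unvalidated certificate before constructing `UserID::from(userid.as_str())`, and failing with a distinct error when it exists but is not valid. In the second hunk, `Packet::from(userid)` is now inserted even when the user ID was found on the cert; if that relies on `insert_packets` merging duplicate packets, a comment such as `// No-op when the user ID is already present; packets are merged.` would make it explicit. The body of `certify` extends outside both hunks.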